             AUSCERT External Security Bulletin Redistribution

                   Security update for the Linux Kernel
                                10 May 2023


        AusCERT Security Bulletin Summary

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-30772 CVE-2023-23006 CVE-2023-2235
                   CVE-2023-2176 CVE-2023-2019 CVE-2023-2008
                   CVE-2023-1998 CVE-2023-1990 CVE-2023-1989
                   CVE-2023-1855 CVE-2023-1670 CVE-2023-0386

Original Bulletin: 

Comment: CVSS (Max):  7.8 CVE-2023-2235 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

Security update for the Linux Kernel

Announcement ID:  SUSE-SU-2023:2141-1
     Rating:      important
   References:      o #1142685
                    o #1155798
                    o #1174777
                    o #1189999
                    o #1194869
                    o #1203039
                    o #1203325
                    o #1206649
                    o #1206891
                    o #1206992
                    o #1207088
                    o #1208076
                    o #1208845
                    o #1209615
                    o #1209693
                    o #1209739
                    o #1209871
                    o #1209927
                    o #1209999
                    o #1210034
                    o #1210158
                    o #1210202
                    o #1210206
                    o #1210301
                    o #1210329
                    o #1210336
                    o #1210337
                    o #1210439
                    o #1210469
                    o #1210629
                    o #1210725
                    o #1210762
                    o #1210763
                    o #1210764
                    o #1210765
                    o #1210766
                    o #1210767
                    o #1210768
                    o #1210769
                    o #1210770
                    o #1210771
                    o #1210793
                    o #1210816
                    o #1210817
                    o #1210827
                    o #1210943
                    o #1210953
                    o #1211025

Cross-References:   o CVE-2022-2196
                    o CVE-2023-0386
                    o CVE-2023-1670
                    o CVE-2023-1855
                    o CVE-2023-1989
                    o CVE-2023-1990
                    o CVE-2023-1998
                    o CVE-2023-2008
                    o CVE-2023-2019
                    o CVE-2023-2176
                    o CVE-2023-2235
                    o CVE-2023-23006
                    o CVE-2023-30772

  CVSS scores:      o CVE-2022-2196 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/
                    o CVE-2022-2196 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/
                    o CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1855 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/
                    o CVE-2023-1855 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1990 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1990 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1998 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-1998 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/
                    o CVE-2023-2008 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/
                    o CVE-2023-2008 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-2019 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/
                    o CVE-2023-2019 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/
                    o CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-23006 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:H/PR:H/UI:N
                    o CVE-2023-23006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/
                    o CVE-2023-30772 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N
                    o CVE-2023-30772 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/

Affected Products:  o openSUSE Leap 15.4
                    o Public Cloud Module 15-SP4
                    o SUSE Linux Enterprise High Performance Computing 15 SP4
                    o SUSE Linux Enterprise Server 15 SP4
                    o SUSE Linux Enterprise Server for SAP Applications 15 SP4
                    o SUSE Manager Proxy 4.3
                    o SUSE Manager Retail Branch Server 4.3
                    o SUSE Manager Server 4.3

An update that solves 13 vulnerabilities, contains two features and has 35
fixes can now be installed.


The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bug fixes.

The following security bugs were fixed:

  o CVE-2023-2235: A use-after-free vulnerability in the Performance Events
    system can be exploited to achieve local privilege escalation (bsc#
  o CVE-2022-2196: Fixed a regression related to KVM that allowed for
    speculative execution attacks (bsc#1206992).
  o CVE-2023-23006: Fixed NULL checking against IS_ERR in
    dr_domain_init_resources (bsc#1208845).
  o CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet
    driver. A local user could use this flaw to crash the system or potentially
    escalate their privileges on the system (bsc#1209871).
  o CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in
    drivers/infiniband/core/cma.c in RDMA. Improper cleanup results in an
    out-of-bounds read, which a local user can use to crash the system or
    escalate privileges (bsc#1210629).
  o CVE-2023-0386: A flaw in the OverlayFS subsystem allowed unauthorized
    execution of a setuid file with capabilities when a user copies a capable
    file from a nosuid mount into another mount. This uid mapping bug allowed a
    local user to escalate their privileges on the system (bsc#1209615).
  o CVE-2023-1998: Fixed a use after free during login when accessing the shost
    ipaddress (bsc#1210506).
  o CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
  o CVE-2023-30772: Fixed a race condition and resultant use-after-free in
    da9150_charger_remove (bsc#1210329).
  o CVE-2023-2019: A flaw was found in the netdevsim device driver, more
    specifically within the scheduling of events. This issue results from the
    improper management of a reference count and may lead to a denial of
    service (bsc#1210454).
  o CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device
    driver. An attacker can leverage this vulnerability to escalate privileges
    and execute arbitrary code (bsc#1210453).
  o CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
  o CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).

The following non-security bugs were fixed:

  o ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
  o ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
  o ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
  o ALSA: emu10k1: do not create old pass-through playback device on Audigy
  o ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
  o ALSA: firewire-tascam: add missing unwind goto in
    snd_tscm_stream_start_duplex() (git-fixes).
  o ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock
  o ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
  o ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP
    Laptops (git-fixes).
  o ALSA: hda/realtek: Remove specific patch for Dell Precision 3260
  o ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
  o ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform
  o ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
  o ALSA: hda/sigmatel: fix S/PDIF out on Intel D 45 motherboards (git-fixes).
  o ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
  o ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
  o ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
  o ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
  o ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
  o ARM: dts: gta04: fix excess dma channel usage (git-fixes).
  o ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
  o ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
  o ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
  o ASN.1: Fix check for strdup() success (git-fixes).
  o ASoC: cs35l41: Only disable internal boost (git-fixes).
  o ASoC: es8316: Handle optional IRQ assignment (git-fixes).
  o ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
  o ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
  o Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP
  o Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and
    cpuset_cancel_fork() methods
  o Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
  o Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
  o Drivers: vmbus: Check for channel allocation before looking up relids
  o IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
  o Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
  o Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
  o KEYS: Add missing function documentation (git-fixes).
  o KEYS: Create static version of public_key_verify_signature (git-fixes).
  o NFS: Cleanup unused rpc_clnt variable (git-fixes).
  o NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
  o NFSD: callback request does not use correct credential for AUTH_SYS
  o PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
  o PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
  o PCI: imx6: Install the fault handler only on compatible match (git-fixes).
  o PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
  o PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
  o PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
  o PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
  o RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
  o RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
  o RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
  o RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
  o RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
  o Remove obsolete KMP obsoletes (bsc#1210469).
  o Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to
    unfinished work" (git-fixes).
  o Revert "pinctrl: amd: Disable and mask interrupts on resume" (git-fixes).
  o USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
  o USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
  o USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
  o USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
  o USB: serial: option: add Telit FE990 compositions (git-fixes).
  o USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
  o amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
  o arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
  o arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
  o arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node
  o arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
  o arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994
    regulator (git-fixes).
  o arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from
    PMI8994 regulator (git-fixes).
  o arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
  o arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
  o arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
  o arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
  o arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
  o arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
  o arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table
  o arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table
  o arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
  o bluetooth: Perform careful capability checks in hci_sock_ioctl()
  o cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
  o cifs: fix negotiate context parsing (bsc#1210301).
  o clk: add missing of_node_put() in "assigned-clocks" property parsing
  o clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
  o clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
  o clk: sprd: set max_register according to mapping range (git-fixes).
  o clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when
    init fails (git-fixes).
  o cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#
  o cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
  o cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
  o crypto: caam - Clear some memory in instantiate_rng (git-fixes).
  o crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
  o crypto: sa2ul - Select CRYPTO_DES (git-fixes).
  o crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
  o driver core: Do not require dynamic_debug for initcall_debug probe timing
  o drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler()
  o drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler()
  o drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known
    override-init warnings (git-fixes).
  o drm/amd/display: Fix potential null dereference (git-fixes).
  o drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
  o drm/armada: Fix a potential double free in an error handling path
  o drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535
  o drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
  o drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
  o drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
  o drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
  o drm/i915: Fix fast wake AUX sync len (git-fixes).
  o drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
  o drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
  o drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
  o drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
  o drm/msm/disp/dpu: check for crtc enable rather than crtc active to release
    shared resources (git-fixes).
  o drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
  o drm/nouveau/disp: Support more modes by checking with lower bpc
  o drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
  o drm/probe-helper: Cancel previous job before starting new one (git-fixes).
  o drm/rockchip: Drop unbalanced obj unref (git-fixes).
  o drm/vgem: add missing mutex_destroy (git-fixes).
  o drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
  o drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F
  o drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
  o dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
  o dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
  o dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match
  o dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
  o dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
  o dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994
  o e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
  o efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
  o ext4: Fix deadlock during directory rename (bsc#1210763).
  o ext4: Fix possible corruption when moving a directory (bsc#1210763).
  o ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
  o ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#
  o ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
  o ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#
  o ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
  o ext4: fix incorrect options show of original mount_opt and extend
    mount_opt2 (bsc#1210764).
  o ext4: fix possible double unlock when moving a directory (bsc#1210763).
  o ext4: use ext4_journal_start/stop for fast commit transactions (bsc#
  o fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
  o firmware: qcom_scm: Clear download bit during reboot (git-fixes).
  o firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
  o fpga: bridge: fix kernel-doc parameter description (git-fixes).
  o hwmon: (adt7475) Use device_property APIs when configuring polarity
  o hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write
  o hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E
  o i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path
  o i2c: hisi: Avoid redundant interrupts (git-fixes).
  o i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
  o i2c: ocores: generate stop condition after timeout in polling mode
  o i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
  o ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#
  o iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger
    () (git-fixes).
  o iio: light: tsl2772: fix reading proximity-diodes from device tree
  o ipmi: fix SSIF not responding under certain cond (git-fixes).
  o ipmi:ssif: Add send_retries increment (git-fixes).
  o k-m-s: Drop Linux 2.6 support
  o kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
  o kABI: x86/msi: Fix msi message data shadow struct (kabi).
  o kabi/severities: ignore KABI for NVMe target (bsc#1174777).
  o keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
  o locking/rwbase: Mitigate indefinite writer starvation.
  o media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
  o media: dm1105: Fix use after free bug in dm1105_remove due to race
    condition (git-fixes).
  o media: max9286: Free control handler (git-fixes).
  o media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
  o media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
  o media: saa7134: fix use after free bug in saa7134_finidev due to race
    condition (git-fixes).
  o media: venus: dec: Fix handling of the start cmd (git-fixes).
  o memstick: fix memory leak if card device is never registered (git-fixes).
  o mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
  o mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages
  o mm: take a page reference when removing device exclusive entries (bsc#
  o mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data
  o mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
  o mtd: core: fix error path for nvmem provider (git-fixes).
  o mtd: core: fix nvmem error reporting (git-fixes).
  o mtd: core: provide unique name for nvmem device, take two (git-fixes).
  o mtd: spi-nor: Fix a trivial typo (git-fixes).
  o net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
  o net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow
  o nfsd: call op_release, even when op_func returns an error (git-fixes).
  o nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
  o nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
  o nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
  o nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
  o nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage"
  o nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
  o nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
  o nvme-multipath: fix possible hang in live ns resize with ANA access
  o nvme-pci: fix doorbell buffer value endianness (git-fixes).
  o nvme-pci: fix mempool alloc size (git-fixes).
  o nvme-pci: fix page size checks (git-fixes).
  o nvme-pci: fix timeout request state check (git-fixes).
  o nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
  o nvme-tcp: fix possible circular locking when deleting a controller under
    memory pressure (git-fixes).
  o nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
  o nvme-tcp: fix regression that causes sporadic requests to time out
  o nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices
  o nvme: add device name to warning in uuid_show() (git-fixes).
  o nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
  o nvme: copy firmware_rev on each init (git-fixes).
  o nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
  o nvme: fix async event trace event (git-fixes).
  o nvme: fix handling single range discard request (git-fixes).
  o nvme: fix per-namespace chardev deletion (git-fixes).
  o nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
  o nvme: fix the read-only state for zoned namespaces with unsupposed features
  o nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
  o nvme: move nvme_multi_css into nvme.h (git-fixes).
  o nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
  o nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
  o nvme: set dma alignment to dword (git-fixes).
  o nvme: use command_id instead of req->tag in trace_nvme_complete_rq()
  o nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
  o nvmet-tcp: fix incomplete data digest send (git-fixes).
  o nvmet-tcp: fix regression in data_digest calculation (git-fixes).
  o nvmet: add helpers to set the result field for connect commands
  o nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
  o nvmet: do not defer passthrough commands with trivial effects to the
    workqueue (git-fixes).
  o nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
  o nvmet: fix Identify Active Namespace ID list handling (git-fixes).
  o nvmet: fix Identify Controller handling (git-fixes).
  o nvmet: fix Identify Namespace handling (git-fixes).
  o nvmet: fix a memory leak (git-fixes).
  o nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
  o nvmet: fix a use-after-free (git-fixes).
  o nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show
  o nvmet: force reconnect when number of queue changes (git-fixes).
  o nvmet: looks at the passthrough controller when initializing CAP
  o nvmet: only allocate a single slab for bvecs (git-fixes).
  o nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
  o perf/core: Fix perf_output_begin parameter is incorrectly invoked in
    perf_event_bpf_output (git fixes).
  o perf/core: Fix the same task check in perf_event_set_output (git fixes).
  o perf: Fix check before add_event_to_groups() in perf_group_detach() (git
  o perf: fix perf_event_context->time (git fixes).
  o platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
  o platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
  o power: supply: cros_usbpd: reclassify "default case!" as debug (git-fixes).
  o power: supply: generic-adc-battery: fix unit scaling (git-fixes).
  o powerpc/64: Always build with 128-bit long double (bsc#1194869).
  o powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
  o powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
  o powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#
    1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
  o powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
  o powerpc/pseries: Consolidate different NUMA distance update code paths (bsc
    #1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
  o powerpc: declare unmodified attribute_group usages const (git-fixes).
  o regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
  o regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow
    () (git-fixes).
  o regulator: core: Shorten off-on-delay-us for always-on/boot-on by time
    since booted (git-fixes).
  o regulator: fan53555: Explicitly include bits header (git-fixes).
  o regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
  o regulator: stm32-pwr: fix of_iomap leak (git-fixes).
  o remoteproc: Harden rproc_handle_vdev() against integer overflow
  o remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
  o remoteproc: st: Call of_node_put() on iteration error (git-fixes).
  o remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
  o rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time
  o rtc: omap: include header for omap_rtc_power_off_program prototype
  o sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional
    and performance backports)).
  o sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional
    and performance backports)).
  o sched/fair: Move calculate of avg_load to a better location (bsc#1155798).
  o sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
  o sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
  o sched/numa: Stop an exhastive search if an idle core is found (bsc#
  o sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc
  o scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
  o scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039)
  o scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
  o scsi: core: Fix a procfs host directory removal regression (git-fixes).
  o scsi: core: Fix a source code comment (git-fixes).
  o scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
  o scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
  o scsi: hisi_sas: Set a port invalid only if there are no devices attached
    when refreshing port id (git-fixes).
  o scsi: ipr: Work around fortify-string warning (git-fixes).
  o scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
  o scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
  o scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
  o scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
  o scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev()
  o scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
  o scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
  o scsi: lpfc: Copyright updates for patches (bsc#1210943).
  o scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery
  o scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing
    REG_LOGIN (bsc#1210943).
  o scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
  o scsi: lpfc: Fix double word in comments (bsc#1210943).
  o scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
  o scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver
  o scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#
  o scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#
  o scsi: lpfc: Reorder freeing of various DMA buffers and their list removal
  o scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc
  o scsi: lpfc: Silence an incorrect device output (bsc#1210943).
  o scsi: lpfc: Skip waiting for register ready bits when in unrecoverable
    state (bsc#1210943).
  o scsi: lpfc: Update lpfc version to (bsc#1210943).
  o scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
  o scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
  o scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
  o scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
  o scsi: mpt3sas: Fix a memory leak (git-fixes).
  o scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
  o scsi: qla2xxx: Perform lockless command completion in abort path
  o scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
  o scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#
  o scsi: sd: Fix wrong zone_write_granularity value during revalidate
  o scsi: ses: Do not attach if enclosure has no components (git-fixes).
  o scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
  o scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
  o scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
  o scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
  o scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
  o seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
  o selftests/kselftest/runner/run_one(): allow running non-executable files
  o selftests: sigaltstack: fix -Wuninitialized (git-fixes).
  o selinux: ensure av_permissions.h is built when needed (git-fixes).
  o selinux: fix Makefile dependencies of flask.h (git-fixes).
  o serial: 8250: Add missing wakeup event reporting (git-fixes).
  o serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
  o serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards
  o serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
  o signal handling: do not use BUG_ON() for debugging (bsc#1210439).
  o signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#
  o signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
  o signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
  o soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
  o spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
  o spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
  o spi: qup: Do not skip cleanup in remove's error path (git-fixes).
  o staging: iio: resolver: ads1210: fix config mode (git-fixes).
  o staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
  o stat: fix inconsistency between struct stat and struct compat_stat
  o sunrpc: only free unix grouplist after RCU settles (git-fixes).
  o tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
  o tty: serial: fsl_lpuart: adjust buffer length to the intended size
  o udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
  o udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
  o udf: Support splicing to file (bsc#1210770).
  o usb: chipidea: fix missing goto in ci_hdrc_probe (git-fixes).
  o usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
  o usb: dwc3: gadget: Change condition for processing suspend event
  o usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
  o usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
  o usb: gadget: udc: renesas_usb3: Fix use after free bug in
    renesas_usb3_remove due to race condition (git-fixes).
  o usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
  o virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
  o virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc
  o virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
  o virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case
  o virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
  o virt/coco/sev-guest: Remove the disable_vmpck label in
    handle_guest_request() (bsc#1209927).
  o virt/coco/sev-guest: Simplify extended guest request handling (bsc#
  o virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#
  o virtio_ring: do not update event idx on get_buf (git-fixes).
  o vmci_host: fix a race condition in vmci_host_poll() causing GPF
  o vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
  o wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
  o wifi: ath6kl: minor fix for allocation size (git-fixes).
  o wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
  o wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
  o wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  o wifi: brcmfmac: support CQM RSSI notification with older firmware
  o wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
  o wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
  o wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
  o wifi: iwlwifi: fw: move memset before early return (git-fixes).
  o wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
  o wifi: iwlwifi: mvm: check firmware response size (git-fixes).
  o wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols
  o wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
  o wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
  o wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
  o wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
  o wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
  o wifi: mac80211: adjust scan cancel comment/check (git-fixes).
  o wifi: mt76: add missing locking to protect against concurrent rx/status
    calls (git-fixes).
  o wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
  o wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
  o wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
  o wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
  o wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
  o wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
  o wifi: rtw88: mac: Return the original error from rtw_mac_power_switch()
  o wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser()
  o wifi: rtw89: fix potential race condition between napi_init and napi_enable
  o writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#
  o x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
  o x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
  o x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
  o x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
  o x86/entry: Avoid very early RET (git-fixes).
  o x86/entry: Do not call error_entry() for XENPV (git-fixes).
  o x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
  o x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
  o x86/entry: Switch the stack after error_entry() returns (git-fixes).
  o x86/fpu: Prevent FPU state corruption (git-fixes).
  o x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
  o x86/msi: Fix msi message data shadow struct (git-fixes).
  o x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
  o x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
  o x86/tsx: Disable TSX development mode at boot (git-fixes).
  o x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
  o xhci: fix debugfs register accesses while suspended (git-fixes).

Special Instructions and Notes:

  o Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-2141=1
  o Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2141=1

Package List:

  o openSUSE Leap 15.4 (aarch64 x86_64)
  o openSUSE Leap 15.4 (aarch64 nosrc x86_64)
  o openSUSE Leap 15.4 (noarch)
  o Public Cloud Module 15-SP4 (aarch64 nosrc x86_64)
  o Public Cloud Module 15-SP4 (aarch64 x86_64)
  o Public Cloud Module 15-SP4 (noarch)


References:

  o https://www.suse.com/security/cve/CVE-2022-2196.html
  o https://www.suse.com/security/cve/CVE-2023-0386.html
  o https://www.suse.com/security/cve/CVE-2023-1670.html
  o https://www.suse.com/security/cve/CVE-2023-1855.html
  o https://www.suse.com/security/cve/CVE-2023-1989.html
  o https://www.suse.com/security/cve/CVE-2023-1990.html
  o https://www.suse.com/security/cve/CVE-2023-1998.html
  o https://www.suse.com/security/cve/CVE-2023-2008.html
  o https://www.suse.com/security/cve/CVE-2023-2019.html
  o https://www.suse.com/security/cve/CVE-2023-2176.html
  o https://www.suse.com/security/cve/CVE-2023-2235.html
  o https://www.suse.com/security/cve/CVE-2023-23006.html
  o https://www.suse.com/security/cve/CVE-2023-30772.html
  o https://bugzilla.suse.com/show_bug.cgi?id=1142685
  o https://bugzilla.suse.com/show_bug.cgi?id=1155798
  o https://bugzilla.suse.com/show_bug.cgi?id=1174777
  o https://bugzilla.suse.com/show_bug.cgi?id=1189999
  o https://bugzilla.suse.com/show_bug.cgi?id=1194869
  o https://bugzilla.suse.com/show_bug.cgi?id=1203039
  o https://bugzilla.suse.com/show_bug.cgi?id=1203325
  o https://bugzilla.suse.com/show_bug.cgi?id=1206649
  o https://bugzilla.suse.com/show_bug.cgi?id=1206891
  o https://bugzilla.suse.com/show_bug.cgi?id=1206992
  o https://bugzilla.suse.com/show_bug.cgi?id=1207088
  o https://bugzilla.suse.com/show_bug.cgi?id=1208076
  o https://bugzilla.suse.com/show_bug.cgi?id=1208845
  o https://bugzilla.suse.com/show_bug.cgi?id=1209615
  o https://bugzilla.suse.com/show_bug.cgi?id=1209693
  o https://bugzilla.suse.com/show_bug.cgi?id=1209739
  o https://bugzilla.suse.com/show_bug.cgi?id=1209871
  o https://bugzilla.suse.com/show_bug.cgi?id=1209927
  o https://bugzilla.suse.com/show_bug.cgi?id=1209999
  o https://bugzilla.suse.com/show_bug.cgi?id=1210034
  o https://bugzilla.suse.com/show_bug.cgi?id=1210158
  o https://bugzilla.suse.com/show_bug.cgi?id=1210202
  o https://bugzilla.suse.com/show_bug.cgi?id=1210206
  o https://bugzilla.suse.com/show_bug.cgi?id=1210301
  o https://bugzilla.suse.com/show_bug.cgi?id=1210329
  o https://bugzilla.suse.com/show_bug.cgi?id=1210336
  o https://bugzilla.suse.com/show_bug.cgi?id=1210337
  o https://bugzilla.suse.com/show_bug.cgi?id=1210439
  o https://bugzilla.suse.com/show_bug.cgi?id=1210469
  o https://bugzilla.suse.com/show_bug.cgi?id=1210629
  o https://bugzilla.suse.com/show_bug.cgi?id=1210725
  o https://bugzilla.suse.com/show_bug.cgi?id=1210762
  o https://bugzilla.suse.com/show_bug.cgi?id=1210763
  o https://bugzilla.suse.com/show_bug.cgi?id=1210764
  o https://bugzilla.suse.com/show_bug.cgi?id=1210765
  o https://bugzilla.suse.com/show_bug.cgi?id=1210766
  o https://bugzilla.suse.com/show_bug.cgi?id=1210767
  o https://bugzilla.suse.com/show_bug.cgi?id=1210768
  o https://bugzilla.suse.com/show_bug.cgi?id=1210769
  o https://bugzilla.suse.com/show_bug.cgi?id=1210770
  o https://bugzilla.suse.com/show_bug.cgi?id=1210771
  o https://bugzilla.suse.com/show_bug.cgi?id=1210793
  o https://bugzilla.suse.com/show_bug.cgi?id=1210816
  o https://bugzilla.suse.com/show_bug.cgi?id=1210817
  o https://bugzilla.suse.com/show_bug.cgi?id=1210827
  o https://bugzilla.suse.com/show_bug.cgi?id=1210943
  o https://bugzilla.suse.com/show_bug.cgi?id=1210953
  o https://bugzilla.suse.com/show_bug.cgi?id=1211025
  o https://jira.suse.com/browse/PED-3750
  o https://jira.suse.com/browse/PED-3759

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.